Company employees with access to databases are one of the main sources of data leakage risk. More than half of users' confidential information ends up online precisely because of former employees. Andrey Prozorovsky, head of the information security department at IMBA IT, spoke about this on Wednesday, February 8.
“It is important to understand that you cannot build a balanced defense system if you neglect the insider. And this applies to both small companies and corporations with thousands of employees. Typical insider threat incidents are unauthorized access to confidential information,” the expert said in an interview with Lenta.Ru.
Prozorovsky noted that there are many opportunities for unauthorized access to corporate data: external media, steganography in audio or video files, and photographing the screen of a work device.
He added that reviewing the dismissal policy could be one way to solve the problem.
“Russian companies often leave the employee with access to the system after the announcement of the breakup. From the point of view of information security, the Western practice of dismissing in one day is more correct. Alternatively, it is worth limiting or controlling such critical administrators,” he suggested.
Another option would be to use the “second hand rule”, under which two people must confirm any critical action in the system. According to the head of the department, this works both to ensure information security and to protect against errors.
The day before, Evgeny Khasin, Deputy Director of the Cybersecurity Department of the Ministry of Digital Development, said at the Infoforum that students in Russian schools could begin to be taught cyber hygiene.
In turn, Evgeny Yamburg, Academician of the Russian Academy of Education and Doctor of Pedagogical Sciences, said in an interview with NSN that cyber hygiene training should not be limited to children: parents should also be taught how to use the Internet safely.
In January, PRO32 CTO Vitaly Zemskikh explained how to avoid leaking passwords from online services. According to him, you should research a password manager before using it, since it is likely that the program you like has already appeared in a data leak. In that case, you should not use it.